Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06

D.Rogers@gmx.net Wed, 15 April 2015 16:03 UTC

Return-Path: <D.Rogers@gmx.net>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFEDB1B2CF9 for <kitten@ietfa.amsl.com>; Wed, 15 Apr 2015 09:03:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.186
X-Spam-Level:
X-Spam-Status: No, score=-1.186 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IVNtIBZsAqVe for <kitten@ietfa.amsl.com>; Wed, 15 Apr 2015 09:03:24 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.15]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57DD91ACD44 for <kitten@ietf.org>; Wed, 15 Apr 2015 09:03:24 -0700 (PDT)
Received: from [93.214.238.26] by 3capp-gmx-bs26.server.lan (via HTTP); Wed, 15 Apr 2015 18:03:07 +0200
MIME-Version: 1.0
Message-ID: <trinity-2739ed2a-59ce-446a-a746-cb4391a3bc88-1429113787632@3capp-gmx-bs26>
From: D.Rogers@gmx.net
To: "Luke Howard" <lukeh@padl.com>
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Apr 2015 18:03:07 +0200
Importance: normal
Sensitivity: Normal
In-Reply-To: <46448841-4ABE-4176-88B1-94C2B26583C4@padl.com>
References: <alpine.GSO.1.10.1503301227280.22210@multics.mit.edu> <551D6C35.4080108@mit.edu> <alpine.GSO.1.10.1504081626110.22210@multics.mit.edu> <5525B044.8070509@mit.edu> <CAC2=hnfbLoRAQLwDQhL7pVYMS8kqfc1rAA6Ha1np1h1WnhT5aw@mail.gmail.com> <55271546.6020505@mit.edu> <597E759F-7941-4619-BCE0-DF604221EBB5@padl.com> <trinity-4f1ce1f7-6610-4a7e-aca8-c3205d929e2e-1429091657571@3capp-gmx-bs24>, <46448841-4ABE-4176-88B1-94C2B26583C4@padl.com>
X-UI-Message-Type: mail
X-Priority: 3
X-Provags-ID: V03:K0:jy3mQJAIjvKRqgSd3TsapZkLvMofIrz9GxTAvNgwcyQ 7WlL0RYFDZmIVjbGtEdoZBS/18jz+6bFlqb+jlO9F9m45kMnrU SX4s0Tvtd3f5o9NwDtzw6jmXm3obtrZz37eTrEW2vN28c1CFiR KCSG9+KR58/vPzFhAMA8RdFNi/3T7VG8xpi/5XNtOLQaaohieW QCxrIgczZhJStsclhYsb6DStdtu5CBWO7IvMQ3iLStt6rPzGnx xaMGDPlJ6G5WfAZNxyuYdnOZkfoT7y5hw3B4GPW+VlBy2C63Tw 1WSr/Y=
X-UI-Out-Filterresults: notjunk:1;
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/y0jMAPMedmVOfGC73x_gMpByB3A>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Apr 2015 16:03:26 -0000

Hi Luke,
 
quite right, i should have sensed a trap when you wrote you are "not a crytographer" :-)
 
I would not presume to correct anyone, just that this a big topic, and attempting to generalise always leaves room for further comment.
The SHA-2 family has six members, falling into two architectural groups, meaning that SHA 512 truncated to 256 can be thought of as a version of SHA-512, this cannot be said for SHA-256.
But as you say, this may be going off at a tangent as HMAC is not suseptible to length extension attacks anway.
 
Dean
Gesendet: Mittwoch, 15. April 2015 um 17:13 Uhr
Von: "Luke Howard" <lukeh@padl.com>
An: D.Rogers@gmx.net
Cc: "Greg Hudson" <ghudson@MIT.EDU>DU>, "kitten@ietf.org" <kitten@ietf.org>rg>, "mjjenki@tycho.ncsc.mil" <mjjenki@tycho.ncsc.mil>
Betreff: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-06
 
On 15 Apr 2015, at 7:54 pm, D.Rogers@gmx.net" target="_parent" rel="nofollow">D.Rogers@gmx.net wrote:
 
Starting from a larger set and truncating to the same end result does improve security, it may reduce it.
 
My understanding is that as long as the hash function has strong diffusion this is not a problem. The different SHA-2 variants are all truncated versions of SHA-512 (with different initial values). Also, not relevant here (because HMAC is used) but truncating hashes can actually improve security by avoiding length extension attacks.
 
Feel free to correct me as I’m not a cryptographer, I don’t even play one on TV… :)
 
— Luke